OpenVPN on ZTE Blade

[Guest pbando]

Hi,

I managed to complie the tun.ko kernel module which can be used for openvpn software. I used the San Frans kernel from ZTE site.

it works with 2.1 Eclair ONLY, I would need the 2.2 kernel source to be able to compile it to Froyo.

Compilation was according to this guide:

http://android.modaco.com/content/htc-hero...r-for-htc-hero/

Usage (phone should be rooted):

1) Copy the tun.ko to /system/lib/modules/ using Root Explorer or by adb + R+W remounting (http://android.modaco.com/content/zte-blade-blade-modaco-com/322750/system/)

2) use "OpenVPN Installer" to install the openvpn binary:

- Appbrain link: http://www.appbrain.com/app/openvpn-instal...envpn.installer

- start OpenVPN installer

- select /system/xbin for target loaction of openVPN binary

- select /system/xbin/bb for location of ifconfig and route commands. None of the other locations was working for me. (The location of ifconfig and route is crutial because busybox should be used otherwise the ifconfig and route commands pushed by server will fail with "invalid argument". /system/xbin does not work for some reason even if /system/xbin/bb is a simlink to it).

- after installation you can remove the OpenVPN installer, the binary openvpn from /system/xbin will not be removed during uninstallation

3) Create openvpn folder on SDCARD and put the configuration there (configfile.ovpn, certificates etc)

4) install openVPN Setting from AppBrain: http://www.appbrain.com/app/openvpn-settin...android.openvpn.

Launch openVPN Settings and go to Advanced menu

- Load tun kernel module: yes

- TUN module settings:

- Load module using: insmod

- Path to tun module: /system/lib/modules/tun.ko

- path to configurations: /sdcard/openvpn

- path to openvpn binary: /system/xbin/openvpn

- Fix HTC Routes: no

- Show ads: yes/no

5) at this point the program will read the /sdcard/openvpn/ and you should see the profile, maybe restart of "OpenVPN Settings" is needed

6) you can longpress on the .opvn config to set extra DNS parameter, I did not chnage those.

Issues:

- OpenVPN settings starts automatically on boot. Use some startup disabler.

- FROYO users: in Paul's 2.2 ROM the /system/xbin/bb symlink does not exist and the /system/xbin does not contain the busybox links. So if in your ROM the /system/xbin/bb/ directory does not exist you have to create it and add the necessery symlinks:

adb shell mkdir /system/xbin/bb

adb shell ln -s /system/bin/busybox /system/xbin/bb/ifconfig

adb shell ln -s /system/bin/busybox /system/xbin/bb/route

I've also complied CIFS/SAMBA module, that aslo works using the standard mount -t cifs... command. Put it to the /system/lib/modules/ and load it with "insmod /system/lib/modules/cifs.ko". Note: CIFS is not required for OpenVPN.

(sudo mount -t cifs //netbiosname/sharename /media/sharename -o username=winusername,password=winpassword)

Note: I'm not an expert of OpenVPN so I just compiled the module and it just works for me.

tun_eclair_2.1.zip

tun_froyo_2.2.zip

Edited January 10, 2011 by pbando

[Guest goatee]

Nice work! Were there any issues using the (slightly dodgy) ZTE kernel?

[Guest pbando]

Nice work! Were there any issues using the (slightly dodgy) ZTE kernel?

No, I'm not an expert of kernel compilation, but the comilation guide was working perfectly.

Edited November 11, 2010 by pbando

[Guest goatee]

No, I'm not an expert of kernel compilation, but the comilation guide was working perfectly.

Good to know - I don't have need of VPN now, but when on public wi-fi networks, I'd use it, as I don't know if you can tunnel as I do with my laptop.

[Guest mrflibbles]

Great work. This topic should be pinned.

It's fantastic timing, I've had my blade for a few weeks but only wanted VPN today and this is just what I was looking for.

I can confirm that it works on the UK Orange San Francisco using MCR r4

Anyone know if OpenVPN can work with Cisco VPN? Or do you need to use VPNC?

http://code.google.com/p/get-a-robot-vpnc/

Edited November 12, 2010 by mrflibbles

[Guest pbando]

Great work. This topic should be pinned.

It's fantastic timing, I've had my blade for a few weeks but only wanted VPN today and this is just what I was looking for.

I can confirm that it works on the UK Orange San Francisco using MCR r4

Anyone know if OpenVPN can work with Cisco VPN? Or do you need to use VPNC?

http://code.google.com/p/get-a-robot-vpnc/

As I know OpenVPN is a different protocol from Cisco VPN.

Please report here if "get-a-robot-vpnc" works, I have troubles to connect to my company's vpn, on Desire it works (vpnc). As I understood get-a-robot-vpnc uses tun.ko as well.

[Guest mrflibbles]

Please report here if "get-a-robot-vpnc" works

It connects to our Cisco VPN at work.

NOTE : If you are using the HTC_IME keyboard beware that it can insert spaces after "." characters if you're not careful.

As I understood get-a-robot-vpnc uses tun.ko as well.

It does.

Thanks again for building it for us Blade users.

Edited November 12, 2010 by mrflibbles

[Guest Magnets]

Installed tun.ko and openVPN installer/settings, but openvpn settings gives a force close when I enable my client.ovpn

### Client configuration file for OpenVPN


# Specify that this is a client

client


# Bridge device setting

dev tap


# Host name and port for the server (default port is 1194)

# note: replace with the correct values your server set up

remote <removed> 443


# Client does not need to bind to a specific local port

nobind



# Keep trying to resolve the host name of OpenVPN server.

## The windows GUI seems to dislike the following rule. 

##You may need to comment it out.

resolv-retry infinite


# Preserve state across restarts

persist-key

persist-tun


# SSL/TLS parameters - files created previously

ca ca.crt

cert client.crt

key client.key


# Since we specified the tls-auth for server, we need it for the client

# note: 0 = server, 1 = client

tls-auth ta.key 1


# Specify same cipher as server

cipher BF-CBC


# Use compression

comp-lzo


# Log verbosity (to help if there are problems)

verb 3

Any ideas?

[Guest Magnets]

11-25 20:08:35.276: ERROR/AndroidRuntime(5242): Uncaught handler: thread OpenVPN-DaemonMonitor[/sdcard/openvpn/client.ovpn]-daemon-stdin exiting due to uncaught exception

11-25 20:08:35.286: ERROR/AndroidRuntime(5242):	 at de.schaeuffelhut.android.openvpn.util.Shell.joinLoggers(Shell.java:139)

11-25 20:08:35.286: ERROR/AndroidRuntime(5242):	 at de.schaeuffelhut.android.openvpn.service.DaemonMonitor$1.onCmdTerminated(DaemonMonitor.java:160)

11-25 20:08:35.286: ERROR/AndroidRuntime(5242):	 at de.schaeuffelhut.android.openvpn.util.Shell.run(Shell.java:116)

[Guest buneech]

Installed tun.ko and openVPN installer/settings, but openvpn settings gives a force close when I enable my client.ovpn

### Client configuration file for OpenVPN


# Specify that this is a client

client


# Bridge device setting

dev tap


# Host name and port for the server (default port is 1194)

# note: replace with the correct values your server set up

remote <removed> 443


# Client does not need to bind to a specific local port

nobind

# Keep trying to resolve the host name of OpenVPN server.

## The windows GUI seems to dislike the following rule. 

##You may need to comment it out.

resolv-retry infinite


# Preserve state across restarts

persist-key

persist-tun


# SSL/TLS parameters - files created previously

ca ca.crt

cert client.crt

key client.key


# Since we specified the tls-auth for server, we need it for the client

# note: 0 = server, 1 = client

tls-auth ta.key 1


# Specify same cipher as server

cipher BF-CBC


# Use compression

comp-lzo


# Log verbosity (to help if there are problems)

verb 3

Any ideas?

Does that config work on a computer?

Because i just installed, and i use openvpn at work to connect to my home network everyday. Just connected using the other config from my blade, and it worked instantly.

[Guest pbando]

You should use TUN device and not TAP. TAP is not supported and wont be.

# Bridge device setting

dev tap

so it should be

dev tun

But note that the same should be on the server side. If server requires TAP then no luck.

http://openvpn.net/index.php/open-source/f...nd-routing.html

http://openvpn.net/index.php/open-source/f...figuration.html

Edited November 26, 2010 by pbando

[Guest buneech]

You should use TUN device and not TAP. TAP is not supported and wont be.

Seriously? I use a TAP device, and it works just fine.

[Guest pbando]

Seriously? I use a TAP device, and it works just fine.

Ok just searched some topic and seems TAP is working as well with this module, but maybe this is not really correct in the config: persist-tun

Anyway try to make it working from a linux/windows machine first, it is much easier to debug there, and use the same config on blade.

Im using R4 2.1 Eclair. I assume it does not work on froyo (different kernel).

Edited November 26, 2010 by pbando

[Guest Magnets]

I created a new config using gnome network-manager applet and tested in a virtual machine it so I know it works (exported the settings).

Do I need to give full paths to the configs? I presume they only need to be relative the the directory specified in the settings (/sdcard/openvpn)

client

remote <> 443

ca ca.crt

cert client.crt

key client.key

cipher BF-CBC

comp-lzo yes

dev tap

proto udp

tls-auth ta.key 1

nobind

auth-nocache

script-security 2

persist-key

persist-tun

I tried trimming down to the bare essentials, still force closes.

client

remote <> 443

ca ca.crt

cert client.crt

key client.key

cipher BF-CBC

comp-lzo yes

dev tap

proto udp

tls-auth ta.key 1

nobind

Forgot to add, I am using the stock rom at the moment. Since there are no error messages to be found it looks like I need to install another ROM to get this working.

Edited November 26, 2010 by Magnets

[Guest buneech]

Ok just searched some topic and seems TAP is working as well with this module, but maybe this is not really correct in the config: persist-tun

persist-tun works in my case.

I created a new config using gnome network-manager applet and tested in a virtual machine it so I know it works (exported the settings).

Do I need to give full paths to the configs? I presume they only need to be relative the the directory specified in the settings (/sdcard/openvpn)

Forgot to add, I am using the stock rom at the moment. Since there are no error messages to be found it looks like I need to install another ROM to get this working.

Here are my config files:

Server:

daemon

server-bridge

proto udp

port 1195

dev tap21

comp-lzo adaptive

keepalive 15 60

verb 3

ca ca.crt

dh dh.pem

cert server.crt

key server.key

status-version 2

status status

Client:

client

dev tap


ifconfig 192.168.x.x 255.255.255.0


ca ca.crt

cert client2.crt

key client2.key


proto udp

remote <host> 1195

keepalive 10 60

resolv-retry infinite

nobind

persist-key

persist-tun

ns-cert-type server

cipher BF-CBC

comp-lzo

verb 3

float

I use MoDaCo r4 2.1 ROM.

[Guest pbando]

I dont know why it fails, but you need busybox, because the ifconfig and route commands in the stock ROM are not OK.

If you execute e.g ifconfig the stock rom will not result anything, while the busybox ifconfig does (like in your linux). Of course you can install busybox as well. Check wteher you have busybox in /system/xbin. /system/xbin/bb symlink must exist too.

Edited November 27, 2010 by pbando

[Guest kalusu]

3) Create openvpn folder on SDCARD and put the configuration there (configfile.ovpn, certificates etc)

where can i find these files?

[Guest ASze]

3) Create openvpn folder on SDCARD and put the configuration there (configfile.ovpn, certificates etc)

where can i find these files?

You should create/generate those, depending on your OpenVPN server settings.

[Guest gefo]

Did anyone have success with openvpn and froyo? I think another tun.ko is needed - or a fitting kernel source to build it.

(using Pauls alpha 5 atm)

[Guest wbaw]

Did anyone have success with openvpn and froyo? I think another tun.ko is needed - or a fitting kernel source to build it.

(using Pauls alpha 5 atm)

2.2 has vpn support built in :unsure:

[Guest rjm2k]

2.2 has vpn support built in :unsure:

so does 2.1, but afaik neither support openvpn.

[Guest gefo]

It has support for PPTP, L2TP and IPSec, but no openvpn support.

Does anyone know, which kernel would be the right one to build the tun.ko?

[Guest mrflibbles]

AFAIK there ZTE has not yet released the 2.2 source code. I don't think you can build a San Francisco 2.2 compatible tun.ko without them

Edited January 3, 2011 by mrflibbles

[Guest pellen]

It has support for PPTP, L2TP and IPSec, but no openvpn support.

Does anyone know, which kernel would be the right one to build the tun.ko?

It has the support indeed, but it wont work for me B) (running 2.2 alpha5)

When I try to connect to my PPTP VPN I get timeout all the time, but it works perfect on my gf's Desire with 2.2 :unsure:

[Guest gefo]

What do you mean by "it has the support"? I can Install the openvpn software - but I could not find a working tun.ko module.

I tried a few - after inserting them with insmod tun.ko, they all reported

insmod: init_module 'tun.ko' failed (Exec format error)

tun.ko provides the tun device which is necessary for openvpn.